Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!samsung!uunet!mcsun!ukc!mucs!els.ee.man.ac.uk
From: dente@els.ee.man.ac.uk (Colin Dente)
Newsgroups: comp.sys.apollo
Subject: Patches and security
Keywords: Aargh!, security
Message-ID: <1469@m1.cs.man.ac.uk>
Date: 18 Jul 90 17:24:34 GMT
Sender: news@cs.man.ac.uk
Organization: Manchester Computer Centre, University of Manchester UK
Lines: 30

Ho hum - so much for my ideas about not disclosing the nature of
security-related patches...

Following Jim Richardson's recent mention of patch_m0121, and the importance
of installing the same, I thought 'Hmm... 'spose I'd better get hold
of a copy.'  So, I 'phoned the response centre here in the UK, said I was
after a security related patch, gave them the patch number, and waited
for them to call me back.  The first thing that the response centre
person did was to confirm that I had the right patch number by telling
me precisely the nature of the security hole that it fixes!!  Oh boy
oh boy! nasty one that.

Can I ask any HP/Apollo people reading this to press for it to become
corporate policy (or whatever you call it) NOT to disclose information
of this nature.  I intend to speak to the person involved, and whoever
is in charge of such things in the UK, but in the mean time, PLEASE
keep the nature of security holes quiet.

Anyway, I would repeat Jim's comments on this patch - get it and
install it!!

Colin



--
 Colin Dente                      | JANET: dente@uk.ac.man.ee.els
 Dept. of Electrical Engineering  | ARPA:  dente@els.ee.man.ac.uk 
 University of Manchester, UK     | UUCP:  ...!ukc!man.ee.els!dente 
--------------------------------------------------------------------